9.springboot2.X整合redis-shiro
1.整合有关redis依赖
org.apache.shiro
shiro-spring
1.4.0
org.crazycake
shiro-redis
2.4.2.1-RELEASE
redis.clients
jedis
2.9.0
2.redis缓存简单的配置,像序列化策略啥的都是默认的
/**
* redis配置
*
* */
public class RedisConfig {
/**
* redisManager
*
* @return
*/
public RedisManager redisManager() {
RedisManager redisManager = new RedisManager ( );
//主鸡地址
redisManager.setHost ("127.0.0.1");
//端口
redisManager.setPort (6379);
// 配置过期时间
redisManager.setExpire (1800);
return redisManager;
}
/**
* cacheManager
*
* @return
*/
public RedisCacheManager cacheManager() {
RedisCacheManager redisCacheManager = new RedisCacheManager ( );
redisCacheManager.setRedisManager (redisManager ( ));
return redisCacheManager;
}
/**
* redisSessionDAO
*/
public RedisSessionDAO redisSessionDAO() {
RedisSessionDAO redisSessionDAO = new RedisSessionDAO ( );
redisSessionDAO.setRedisManager (redisManager ( ));
return redisSessionDAO;
}
/**
* sessionManager
*/
public DefaultWebSessionManager SessionManager() {
DefaultWebSessionManager sessionManager = new DefaultWebSessionManager ( );
sessionManager.setSessionDAO (redisSessionDAO ( ));
return sessionManager;
}
}
3.redis缓存配置到你的shiro配置里
@Bean
DefaultWebSecurityManager securityManager() {
DefaultWebSecurityManager manager = new DefaultWebSecurityManager ( );
//自定义的Realm交给manager
manager.setRealm (myRealm ( ));
// 自定义缓存实现 使用redis
manager.setCacheManager(new RedisConfig ().cacheManager ());
// 自定义session管理 使用redis
manager.setSessionManager(new RedisConfig ().SessionManager ());
// 使用记住我,注入配置
manager.setRememberMeManager(new RememberMeConfig ().rememberMeManager ());
return manager;
}
你想要缓存必须配置session管理器,redis管理器 ,redisSession
贴上配置代码:
@Configuration
public class RememberMeConfig {
/**
* cookie设置
* */
public SimpleCookie rememberMeCookie(){
//这个参数是cookie的名称,对应前端的checkbox的name = rememberMe
SimpleCookie simpleCookie = new SimpleCookie("rememberMe");
//cookie生效时间30天,单位秒;
simpleCookie.setMaxAge(2592000);
return simpleCookie;
}
/**
* cookie管理对象;记住我功能
* @return
*/
public CookieRememberMeManager rememberMeManager(){
CookieRememberMeManager cookieRememberMeManager = new CookieRememberMeManager();
cookieRememberMeManager.setCookie(rememberMeCookie());
// cookieRememberMeManager.setCipherKey用来设置加密的Key,参数类型byte[],字节数组长度要求16
// cookieRememberMeManager.setCipherKey(Base64.decode("3AvVhmFLUs0KTA3Kprsdag=="));
cookieRememberMeManager.setCipherKey("ZHANGXIAOHEI_CAT".getBytes());
return cookieRememberMeManager;
}
}
/*授权和认证逻*/
public class CustomRealm extends AuthorizingRealm {
@Autowired
UserService userService;
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
System.out.println ("执行授权逻辑");
SimpleAuthorizationInfo simpleInfo = new SimpleAuthorizationInfo ( );
//获取登录用户名
String name = (String) principalCollection.getPrimaryPrincipal ( );
//之后在数据库查询他是什么角色 什么权限一一添加他们
List listRoles = userService.listRoles (name);
// simpleInfo.addRoles (listRoles);直接添加多个角色或者forench添加
for (String role : listRoles) {
simpleInfo.addRole (role);
}
//添加角色下的权限 比如crud
List listPermissions = userService.listPermissions (name);
System.out.println (listPermissions.size ( ));
simpleInfo.addStringPermissions (listPermissions);
//设置好权限返回
return simpleInfo;
}
@Override
protected SimpleAuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
;
//加这一步的目的是在Post请求的时候会先进认证,然后在到请求
if (null == authenticationToken.getPrincipal ( )) {
return null;
}
System.out.println ("执行认证逻辑" + getName ( ));
UsernamePasswordToken token = (UsernamePasswordToken) authenticationToken;
//获取用户登陆的名
String name = token.getUsername ( );
//查出的密码和盐封装成User
User user = userService.getPwdByName (name);
if (null == user) {
//用户名不存在
return null;//抛出一个空的对象 抛出异常UnknowAccountException
}
//密码
String pwd = user.getPassword ( );
//盐
String salt = user.getSalt ( );
//真盐=name+salt
salt = name + salt;
//这里验证authenticationToken和simpleAuthenticationInfo的信息
return new SimpleAuthenticationInfo (name, pwd, ByteSource.Util.bytes (salt), getName ( ));
}
}
你的这些配置也可以配到shiroConfig 方法里
/*常用的过滤器
* anon:无认证
* authc:必须认证 登陆即可
* user: 使用记住我可以直接访问
* perms: 必须有资源权限 比如crud
* roles: 必须有角色权限
* */
@Configuration
public class ShiroConfig {
/**
* 创建自定义配置的Realm
*/
@Bean
CustomRealm myRealm() {
CustomRealm customRealm = new CustomRealm ( );
//注入加密算法
customRealm.setCredentialsMatcher (hashedCredentialsMatcher ());
return customRealm;
}
/**
* 创建DefaultWebSecurityManager管理器,使它管理自定义的Realm
*/
@Bean
DefaultWebSecurityManager securityManager() {
DefaultWebSecurityManager manager = new DefaultWebSecurityManager ( );
//自定义的Realm交给manager
manager.setRealm (myRealm ( ));
// 自定义缓存实现 使用redis
manager.setCacheManager(new RedisConfig ().cacheManager ());
// 自定义session管理 使用redis
manager.setSessionManager(new RedisConfig ().SessionManager ());
// 使用记住我,注入配置
manager.setRememberMeManager(new RememberMeConfig ().rememberMeManager ());
return manager;
}
/**
*创建shiroFilterFactoryBean
* 关联一个securityManager ( )管理器
*/
@Bean
ShiroFilterFactoryBean shiroFilterFactoryBean() {
ShiroFilterFactoryBean bean = new ShiroFilterFactoryBean ( );
bean.setSecurityManager (securityManager ( ));
//登陆页
bean.setLoginUrl ("/login");
//登陆成功后界面
bean.setSuccessUrl ("/index");
//未授权跳转到
bean.setUnauthorizedUrl ("/tip");
Map map = new LinkedHashMap<> ( );
//anon是把限制权限改为无限制
//map.put ("/index", "anon");
//authc 登陆后可以访问
// map.put ("/**", "authc");
map.put ("/add", "authc");
//权限必须有addProduct才可以访问
map.put ("/update","perms[addProduct]");
//角色是admin 才可以访问超级管理员界面
map.put ("/admin","roles[admin]");
bean.setFilterChainDefinitionMap (map);
return bean;
}
/**用于ShiroDialect和thymeleaf标签配合使用*/
@Bean(name = "shiroDialect")
public ShiroDialect shiroDialect(){
return new ShiroDialect ();
}
/**
* 密码加密算法设置
* @return
*/
@Bean
public HashedCredentialsMatcher hashedCredentialsMatcher(){
HashedCredentialsMatcher hashedCredentialsMatcher = new HashedCredentialsMatcher();
hashedCredentialsMatcher.setHashAlgorithmName("md5");
//散列的次数
hashedCredentialsMatcher.setHashIterations(2);
return hashedCredentialsMatcher;
};
}
具体细节就是redis缓存具体的配置还没弄,很多默认的设置,比如序列化后都乱码了而不是json格式的? 解决办法百度把
